Implementing Social Login for U-M Services

Social Login at U-M allows people to use a social account they already have (such as Facebook, LinkedIn, or others) to log in to a service at U-M instead of using a uniqname and UMICH password or a Friend account. Two university units have begun using social login for specific services:

Consider Social Login for Guest Access

U-M IT staff should consider social login when they want people who do not have a uniqname to quickly and easily log in to a U-M service. Social login is

  • A good alternative to the use of Friend accounts.
  • Easy for people to use. No need to create a U-M account and password for something they access infrequently.
  • Tied to a specific service—allows login only to that one service.

Use of uniqnames is preferred for users who are current faculty, staff, students, or sponsored affiliates. It is also preferred for alumni who use their uniqname and password frequently enough to remember them with ease. Social login is primarily a means of providing guest access.

Social login is enabled on a per-service basis at the discretion of the U-M unit or department providing the service. It is not appropriate for services where sensitive university data is stored or maintained.

Requires Shibboleth Integration

To implement social login at U-M, your service first needs to be set up as a Shibboleth Service Provider to allow Shibboleth authentication (which uses SAML). See Getting Started With Shibboleth for details.

Requesting Social Login

ITS expects to acquire licenses for social login implementations only as needed for use by university units, so let us know as soon as possible if you want to consider allowing users of your service to log in with a social account. Contact the ITS Service Center with your inquiry. Someone from the Identity & Access Management team will contact you to explore the feasibility of implementation for your service.